[00:13.140 --> 00:20.160]  Welcome to Between Two Nerds. My name is Brett Goldstein. I'm the Director of the Defense Digital Service.
[00:20.500 --> 00:25.260]  And I'm Will Roper. I run all of the Air Force and Space Force programs.
[00:25.260 --> 00:29.020]  And we would like to introduce Roro, our moderator today.
[00:29.360 --> 00:34.340]  Roro is a member of the Defense Digital Service and has mad security skills.
[00:34.340 --> 00:39.180]  First things first, I wanted to ask you all the question that I've reached out to a bunch of hackers in the community about.
[00:39.200 --> 00:44.160]  And the most important thing that's on their minds right now is how do you attach the lanyard to the cassette tape?
[00:44.160 --> 00:46.400]  Well, that's a question for Dr. Roper, I think.
[00:46.880 --> 00:50.200]  Dr. Roper, considering your advanced work in this space...
[00:51.960 --> 00:55.120]  Well, I mean, first of all, there's a design issue here.
[00:55.120 --> 00:59.480]  So, whoever did this, you're fired if you're on the Air Force.
[00:59.880 --> 01:06.060]  Thing two, there's no place to immediately hook it, so I'd say we just tie it.
[01:06.060 --> 01:12.580]  We just tie it here, and then we hang it around her neck and get a better cassette next year, whoever did this.
[01:12.580 --> 01:14.560]  Do you have the duct tape?
[01:14.560 --> 01:17.900]  I mean, basically, if you have a small neck, you're okay.
[01:18.580 --> 01:22.740]  Like an actual duck. I could wear this if you don't have duct tape.
[01:23.140 --> 01:29.480]  So the other question that has also been on their minds is why are you all here at DEFCON Safe Mode?
[01:29.680 --> 01:33.940]  Sure, well, I mean, you had incriminating evidence on me, so I'm here.
[01:34.580 --> 01:44.740]  We're going to try to go flat the whole time, Roro. This is Between Two Nerds, after all, the inaugural shooting, so no laughter, no fun. This is serious business.
[01:44.740 --> 01:47.080]  We're hoping to be syndicated.
[01:47.480 --> 01:53.440]  Eventually. We can't afford firms yet, but we're headed towards that next step.
[01:53.440 --> 02:01.840]  Roro, we need a bit more of a positive attitude on this. Like, as we think about sort of our future careers, there seems to be a lot of potential.
[02:01.840 --> 02:12.980]  Row cubed today, Roro. So, Roro, in all seriousness, because we're being serious here on Between Two Nerds, satellite security is a big deal.
[02:13.260 --> 02:22.780]  All joking aside, it's a big deal. Our lives depend on space working in a benign, peaceful way that makes life better for everyone.
[02:22.780 --> 02:30.720]  You need it for the data that's coming to your phone right now. You need it for navigation. You even need it to get cash out of an ATM.
[02:30.720 --> 02:35.420]  Everyone's lives as we sit here today are connected to space.
[02:35.520 --> 02:40.300]  Well, you can imagine the military is no exception. We're connected to space.
[02:40.300 --> 02:48.520]  We use it to move planes from point A to point B, to guide weapons, to plan disaster relief missions. Everything we do.
[02:48.720 --> 03:00.700]  So, if you're thinking about a way to beat our military, holding space assets at risk is a pretty easy way to take a big leap forward in terms of your capabilities.
[03:00.720 --> 03:05.560]  And so, we want to know if cyber is something we need to put more worry into.
[03:05.560 --> 03:10.220]  So, we're here to see if people can hack a satellite, which we think they'll be able to.
[03:10.220 --> 03:16.440]  And we hope to learn from the community how to be better and more cyber resilient in systems we build in the future.
[03:17.400 --> 03:26.160]  As an international community of hackers and nerds, how can they help out? What is the call to action here if there is one?
[03:26.160 --> 03:30.500]  Sure, Rowan. I'm going to try to stay flat. But boy, it's really hard because I'm excited about this.
[03:30.660 --> 03:39.060]  Anyway, back to Between Two Nerds. Just being here and being interested is a huge deal. We want to learn from you. The military is here to learn.
[03:39.980 --> 03:47.920]  Historically, we have been secure by hiding behind our fence lines and keeping systems secret until they're used on the battlefield.
[03:47.920 --> 03:55.820]  Well, that doesn't work anymore. Software is increasingly the delineator in whether systems are dominant or out of the fight.
[03:56.160 --> 04:05.880]  So we're getting outside of our fence lines and involving communities that can help us, like DEFCON, to see if we need to up our game in cyber.
[04:05.980 --> 04:17.340]  And so if our satellites have to operate to make the military work the way it's supposed to, we want to expose opportunities to hack them ahead of us taking them into conflict.
[04:17.340 --> 04:26.980]  So what I hope to learn from DEFCON, from all the amazing community members here, is how good we are today and what we need to do to be better in the future.
[04:27.020 --> 04:38.100]  So the Department of Defense historically has operated cybersecurity through obscurity. And that is a culture that we're trying to change.
[04:38.100 --> 04:44.940]  So I'm fortunate I run the Defense Digital Service, which is affectionately known as a SWAT team of nerds.
[04:44.940 --> 04:58.120]  And we are out there and we are trying to bring the very best in technical talent to the DoD. And part of that is about technology, but part of it is about culture.
[04:58.120 --> 05:09.900]  So when Will and I went to DEFCON last year, I'd been attending DEFCON for many years, but I brought Will and I said to him, this is a community we need to embrace.
[05:09.900 --> 05:20.660]  And one, DoD does not need to be afraid of this community. These are folks who we should be friends with. But two, we need to raise our bar.
[05:20.660 --> 05:28.880]  We need to challenge our software. We need to try and test our systems. And by doing that, we bring the very best in cybersecurity.
[05:29.040 --> 05:39.600]  So I love this partnership. We learn a lot. We challenge ourselves. Sometimes we learn things that are hard, but this is a community we really want to embrace.
[05:39.900 --> 05:45.700]  Can you tell me a little bit more about how you got involved with the space or what was the initial ask?
[05:45.700 --> 05:57.900]  So the first time I went to DEFCON, I was by myself. And I had recently left my first stint in government and people were like, you have to go to DEFCON.
[05:57.900 --> 06:06.000]  And I went there and I'm like, holy shit. I'm like, there's a gazillion people here. There are crazy things going on. And people said, don't bring a phone in.
[06:06.000 --> 06:20.060]  And I was completely enamored with this community. And then I came to DoD. And as we're trying to change this culture, which is an obscurity culture, a security by checklist,
[06:20.060 --> 06:29.600]  I'm like, this is a community that can help make us smarter and help us again, raise the bar even against ourselves.
[06:29.600 --> 06:44.440]  So by bringing Will and then showing all of the crazy cool things that we're doing, it allowed for that DDS Air Force relationship, which we could then come back and try and do some really cool things.
[06:44.620 --> 06:57.160]  And the funny part was last year, when DEFCON was winding up, I go to Will, I'm like, we should go back. And Will's like, yeah, we should go back. And I'm like, what do you think we should do?
[06:57.160 --> 07:03.820]  And dude's like, we should bring a satellite. And that was crazy. But now it's real.
[07:03.920 --> 07:17.880]  Yeah, it's great when crazy and real can be the same inside the Pentagon. And Brett's exactly right, that this is a community that the department and the Pentagon have been afraid of embracing.
[07:17.880 --> 07:28.900]  Partly because it's an old Cold War culture that's just behind the times. And another is simply because it doesn't get outside of its five-sided walls very often.
[07:28.900 --> 07:38.660]  And my first trip to DEFCON was amazing. I'm a string theorist by background. I work in physics. I crossed over into defense for really weird reasons.
[07:38.660 --> 07:47.680]  But it's been an awesome job of getting to run $60 billion of satellites and airplane and cyber capabilities every year.
[07:47.680 --> 07:54.200]  As I look at this amazing portfolio of programs, everything is driven by software.
[07:54.360 --> 08:08.180]  And the United States government and our amazing men and women in uniform have put so much time and treasure into these amazing military systems that increasingly operate based on their software.
[08:08.180 --> 08:19.140]  So if you're looking to defeat us, you don't have to recreate the same systems, build a fighter to match ours, build a satellite to match ours. You just need to be able to hack us.
[08:19.200 --> 08:35.140]  And so I came last year wanting to see could people who have a great amount of expertise but not a lot of hands-on capability inside the military get inside a system like an F-15 fighter or the systems that enable it.
[08:35.140 --> 08:45.340]  And so we brought some of those enabling systems and the hacker community got in. But getting in was not the point of being here. It was the learning that happened afterwards.
[08:45.340 --> 08:52.780]  The hacker community got to learn something about our military systems and we left knowing how to make them more secure.
[08:52.860 --> 09:01.360]  And so we want to do the same thing for satellites. It's a very different problem than handing you a piece of hardware and saying, can you get in?
[09:01.360 --> 09:14.000]  The satellite isn't here, it's overhead, moving at 7 kilometers a second. And it only talks to the ground at certain places where we have a ground station that uplinks and downlinks different commands.
[09:14.000 --> 09:26.160]  This is a wicked hard problem. But I expect the DEFCON community is going to get in again. And the question we're going to ask is what should we learn? What should we do better?
[09:26.160 --> 09:37.380]  Because cyber is something any country, any terrorist group can try to do against our military. It's quicker, easier, and more seductive than trying to take us head on.
[09:37.380 --> 09:45.300]  So this dark side of the force is something we're going to have to be able to defeat. And we're here to learn from people who know a lot more than we do.
